Vulnerability Details CVE-2026-34911
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 47.8%
CVSS Severity
CVSS v3 Score 7.7
Products affected by CVE-2026-34911
-
cpe:2.3:a:ui:unifi_os_server:4.3.6
-
cpe:2.3:a:ui:unifi_os_server:5.0.6
-
cpe:2.3:h:ui:enterprise_fortress_gateway:-
-
cpe:2.3:h:ui:enterprise_network_video_recorder:-
-
cpe:2.3:h:ui:enterprise_network_video_recorder_core:-
-
-
-
-
cpe:2.3:h:ui:unas_pro_4:-
-
cpe:2.3:h:ui:unas_pro_8:-
-
cpe:2.3:h:ui:unifi_cloud_gateway_fiber:-
-
cpe:2.3:h:ui:unifi_cloud_gateway_industrial:-
-
cpe:2.3:h:ui:unifi_cloud_gateway_max:-
-
cpe:2.3:h:ui:unifi_cloud_gateway_ultra:-
-
cpe:2.3:h:ui:unifi_cloud_key_plus:-
-
cpe:2.3:h:ui:unifi_cloudkey:-
-
cpe:2.3:h:ui:unifi_cloudkey_enterprise:-
-
cpe:2.3:h:ui:unifi_dream_machine:-
-
cpe:2.3:h:ui:unifi_dream_machine_beast:-
-
cpe:2.3:h:ui:unifi_dream_machine_pro:-
-
cpe:2.3:h:ui:unifi_dream_machine_pro_max:-
-
cpe:2.3:h:ui:unifi_dream_machine_special_edition:-
-
cpe:2.3:h:ui:unifi_dream_router:-
-
cpe:2.3:h:ui:unifi_dream_router_5g_max:-
-
cpe:2.3:h:ui:unifi_dream_router_7:-
-
cpe:2.3:h:ui:unifi_dream_wall:-
-
cpe:2.3:h:ui:unifi_express_7:-
-
cpe:2.3:h:ui:unifi_network_video_recorder:-
-
cpe:2.3:h:ui:unifi_network_video_recorder_g2:-
-
cpe:2.3:h:ui:unifi_network_video_recorder_g2_pro:-
-
cpe:2.3:h:ui:unifi_network_video_recorder_instant:-
-
cpe:2.3:h:ui:unifi_network_video_recorder_pro:-
-
cpe:2.3:o:ui:enterprise_fortress_gateway_firmware:*
-
cpe:2.3:o:ui:enterprise_network_video_recorder_core_firmware:*
-
cpe:2.3:o:ui:enterprise_network_video_recorder_firmware:*
-
cpe:2.3:o:ui:unas_2_firmware:*
-
cpe:2.3:o:ui:unas_4_firmware:*
-
cpe:2.3:o:ui:unas_pro_4_firmware:*
-
cpe:2.3:o:ui:unas_pro_8_firmware:*
-
cpe:2.3:o:ui:unas_pro_firmware:*
-
cpe:2.3:o:ui:unifi_cloud_gateway_fiber_firmware:*
-
cpe:2.3:o:ui:unifi_cloud_gateway_industrial_firmware:*
-
cpe:2.3:o:ui:unifi_cloud_gateway_max_firmware:*
-
cpe:2.3:o:ui:unifi_cloud_gateway_ultra_firmware:*
-
cpe:2.3:o:ui:unifi_cloud_key_plus_firmware:*
-
cpe:2.3:o:ui:unifi_cloudkey_enterprise_firmware:*
-
cpe:2.3:o:ui:unifi_cloudkey_firmware:*
-
cpe:2.3:o:ui:unifi_dream_machine_beast_firmware:*
-
cpe:2.3:o:ui:unifi_dream_machine_firmware:1.5.6
-
cpe:2.3:o:ui:unifi_dream_machine_firmware:1.8.3
-
cpe:2.3:o:ui:unifi_dream_machine_firmware:1.8.4
-
cpe:2.3:o:ui:unifi_dream_machine_firmware:1.8.5
-
cpe:2.3:o:ui:unifi_dream_machine_firmware:1.8.6
-
cpe:2.3:o:ui:unifi_dream_machine_firmware:1.9.0
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.6.4
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.6.5
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.6.6
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.7.0
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.7.2
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.8.0
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.8.3
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.8.4
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.8.5
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.8.6
-
cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:1.9.0
-
cpe:2.3:o:ui:unifi_dream_machine_pro_max_firmware:*
-
cpe:2.3:o:ui:unifi_dream_machine_special_edition_firmware:*
-
cpe:2.3:o:ui:unifi_dream_router_5g_max_firmware:*
-
cpe:2.3:o:ui:unifi_dream_router_7_firmware:*
-
cpe:2.3:o:ui:unifi_dream_router_firmware:*
-
cpe:2.3:o:ui:unifi_dream_wall_firmware:*
-
cpe:2.3:o:ui:unifi_express_7_firmware:*
-
cpe:2.3:o:ui:unifi_network_video_recorder_firmware:*
-
cpe:2.3:o:ui:unifi_network_video_recorder_g2_firmware:*
-
cpe:2.3:o:ui:unifi_network_video_recorder_g2_pro_firmware:*
-
cpe:2.3:o:ui:unifi_network_video_recorder_instant_firmware:*
-
cpe:2.3:o:ui:unifi_network_video_recorder_pro_firmware:*